Firewall Wizards mailing list archives

Re: hping


From: Darren Reed <darrenr () reed wattle id au>
Date: Tue, 15 Dec 1998 07:59:15 +1100 (EST)

In some email I received from Cristiano Lincoln Mattos, sie wrote:

If you're thinking about something like traceroute, it already
exists, an interesting project called FireWalk:
http://www.es2.net/research/firewalk/

I'm somewhat disappointed with the diffs to traceroute at the bottom of
http://www.es2.net/research/firewalk/firewalk-final.html

The page does eventually arrive at the general idea that traceroute isn't
UDP/ICMP specific but takes much too long to get there and even then doesn't
really say much at all about it - but the cat is really out of the bag now
and if I were using FW-1, I'd be quite concerned about how leaky it is with
respect to TCP (and I wonder, how easy to exploit Cisco/Linux/other packet
filter rulesets?).  mmm, IP Filter's statefulness for TCP :-)

The page does, at least, reference using port 53, but again the diff. for
traceroute fails to make it a true exploit of the "DNS port" case, even
though newer BIND releases are trying desperately hard to break the old
model of port associations for intra-server communications.

Darren

On Sat, 12 Dec 1998, Darren Reed wrote:


The cool thing about tools such as hping is what can be achieved through
those hosts acting as routers with Firewall-1 installed.

The next step with hping is, I think, even more interesting than what
can be seen with this (hint: hack on another very commonly used tool
like ping).

Darren


